Privacy
PolicyThe NHwoodworking website
does not automatically collect any personal information about you. We
only collect information when you choose to give it to us, for example,
when placing an order.

We do use "cookies"
when you shop to keep track of individual shopping carts.

Any information you
provide to us is treated with care and with your security in mind. Secure
transmission methods are used when you provide personal information. We
do not store credit card information on our website longer than is absolutely
necessary. This is why we must ask you to enter your credit card number
again each time you purchase.

If you provide your
email address, occasionaly [never more than monthly] you may receive promotional email from
NHwoodworking. You may change this option whenever you like. We will never sell or share your email address with others.

Security
NHwoodworking uses technology that is designed to securely transmit your
information via SSL or SHTTP. Examine the browser status indicator, and
if you see an indication that this transaction is secure, (on Netscape
it is an unbroken key in the lower left-hand corner; Internet Explorer
shows a padlock), you can be assured that your vital information is securely
encrypted as it transmits over the Internet. If you have any other questions
regarding Internet security, check out Netscape's or Microsoft's security
info page.

SSL Protocol
SSL (Secure Socket Layer) is a widely used Internet security protocol
that provides data encryption so no one except the recipient can read
the information being sent, authentication so that you're sure the information
is going where you intended, and there is message integrity so the information
is correct when it gets to its destination. Many browsers are compliant
with SSL, and most of them let you know when the protocol is in use. The
Netscape banner changes color and the security key appears unbroken; Internet
Explorer shows a padlock. If your browser shows the address of the site
you've contacted, it will start with https:// when your communications
are secure.

SSL uses public-key
encryption to exchange a session key between the client and server; this
session key is used to encrypt the http transaction (both request and
response). Each transaction uses a different session key so that if someone
manages to decrypt a transaction, that does not mean that they've found
the server's secret key; if they want to decrypt another transaction,
they'll need to spend as much time and effort on the second transaction
as they did on the first.

Netscape servers and
browsers do encryption using either a 40-bit secret key or a 128-bit secret
key. Many people feel that using a 40-bit key is insecure because it's
vulnerable to a "brute force" attack (trying each of the 2^40
possible keys until you find the one that decrypts the message). Using
a 128-bit key eliminates this problem because there are 2^128 instead
of 2^40 possible keys. Unfortunately, most Netscape users have browsers
that support only 40-bit secret keys. This is because of legal restrictions
on the encryption software that can be exported from the United States
(The Federal Government has recently modified this policy, following the
well-publicized cracking of a Netscape message encrypted using a 40-bit
key. Expect this situation to change).

In Netscape you can
tell what kind of encryption is in use for a particular document by looking
at the "document information" screen accessible from the file
menu. The little key in the lower left-hand corner of the Netscape window
also indicates this information. A solid key with two teeth means 128-bit
encryption, a solid key with one tooth means 40-bit encryption, and a
broken key means no encryption. Even if your browser supports 128-bit
encryption, it may use 40-bit encryption when talking to older Netscape
servers or Netscape servers outside the U.S. and Canada.